Communication apparatus

ABSTRACT

A communication apparatus includes: a first storage unit registering a plurality of addresses of a plurality of communication apparatuses; a command sending unit sending a first command for requesting a first public key, which corresponds to a first secret key of the first communication apparatus, to the address of the first communication apparatus; a response receiving unit receiving from the first communication apparatus a first response including the first public key; a storage control unit associating the first public key the address of the first communication apparatus and registering the first public key; an encrypted data generating unit encrypting first data, which is to be sent to the first communication apparatus, using the first public key registered in association with the address of the first communication apparatus to generate first encrypted data; and a data sending unit sending the first encrypted data to the address of the first communication apparatus.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority from Japanese Patent Application No.2009-084512 filed on Mar. 31, 2009, the entire subject matter of whichis incorporated herein by reference.

TECHNICAL FIELD

The present invention relates to a communication apparatus, andspecifically, to a communication apparatus capable of communicationusing an encryption technique.

BACKGROUND

With communicating data through the Internet, there is a fear of thedata being falsified or being viewed by a third party, and there is aproblem of ensuring security of data.

There has been proposed a known technique for encrypting data in orderto prevent falsification of data or viewing of data by a third party.For example, a communication apparatus X encrypts data using a publickey of a communication apparatus Y, and sends the encrypted data to thecommunication apparatus Y. The communication apparatus Y decodes theencrypted data by a self-secret key and acquires the data. Consequently,a third party can be prevented from sneaking a look at data.

SUMMARY

Illustrative aspects of exemplary embodiments of the present inventionmay provide an art capability of increasing the possibility ofpossessing a public key of a receiving party in the case of having tocommunicate data.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a configuration of a multi-function device system;

FIG. 2 shows one example of registered contents of a device settingtable;

FIG. 3 shows one example of registered contents of an address table;

FIG. 4 shows one example of registered contents of a certificate table;

FIG. 5 shows a flowchart of communication processing executed by amulti-function device according to a first exemplary embodiment;

FIG. 6 shows another flowchart of the communication processing executedby the multi-function device according to the first exemplaryembodiment;

FIG. 7 shows still another flowchart of the communication processingexecuted by the multi-function device according to the first exemplaryembodiment;

FIG. 8 shows still another flowchart of the communication processingexecuted by the multi-function device according to a second exemplaryembodiment); and

FIG. 9 shows another flowchart of the communication processing executedby the multi-function device according to the second exemplaryembodiment.

DETAILED DESCRIPTION General Overview

When using an encryption technique, it becomes necessary to possess apublic key of a communication receiving party. For example, in the knowntechnique, the communication apparatus X cannot encrypt data, which willbe sent to the communication apparatus Y, when the communicationapparatus X does not possess the public key of the communicationapparatus Y. That is, the encryption technique cannot be used when thepublic key of the communication receiving party is not possessed in thecase of having to communicate data.

Therefore, illustrative aspects of exemplary embodiments of the presentinvention may provide an art capability of increasing the possibility ofpossessing a public key of a receiving party in the case of having tocommunicate data.

The art of the present invention relates to a communication apparatus.The “communication apparatus” includes all devices for executingcommunication processing. The communication processing may be processingfor sending data or processing for receiving data. An example of thecommunication apparatus can include a personal computer (hereinaftercalled a PC), a server, a printer, a scanner, a copy machine, afacsimile, a multifunction device, etc. The communication apparatusincludes a first storage unit, a command sending unit, a responsereceiving unit, a storage control unit, an encrypted data generatingunit and a data sending unit.

An address of another communication apparatus is registered in the firststorage unit. Incidentally, the term “a first storage unit” may bereferred to as, for example, an “address book”. The term “address”includes all addresses capable of communicating with anothercommunication apparatus described above, and includes, for example, anelectronic mail address, a network address, a node name, a MAC address,an IP address, etc. The command sending unit sends a first command forrequesting a first public key corresponding to a first secret key of afirst communication apparatus to an address of the first communicationapparatus in the case of registering an address of the firstcommunication apparatus in the first storage unit. The responsereceiving unit receives a first response including the first public keyto the first command. The storage control unit registers the firstpublic key included in the first response in a state of associating thefirst public key with an address of the first communication apparatus.Incidentally, the storage control unit may register the first public keyincluded in the first response in the first storage unit or otherstorage units. The encrypted data generating unit generates firstencrypted data by encrypting first data using the first public keyregistered in a state of being associated with the address of the firstcommunication apparatus in the case of having to send the first data tothe address of the first communication apparatus. The data sending unitsends the first encrypted data to the address of the first communicationapparatus.

According thereto, the first command for requesting the first public keyof the first communication apparatus can be sent in the case ofregistering the address of the first communication apparatus in firststorage unit. Consequently, the first public key of the firstcommunication apparatus can be acquired. As a result, it becomespossible to increase a possibility of possessing the public key of thefirst communication apparatus, which is the communication receivingparty, in the case of having to send first data to the firstcommunication apparatus. Further, according to the communicationapparatus described above, the first data encrypted using the firstpublic key of the first communication apparatus can be sent to the firstcommunication apparatus.

That is, according to a first illustrative aspect of the invention,there is provided a communication apparatus comprising: a first storageunit that is configured to register a plurality of addresses of aplurality of communication apparatuses; a command sending unit that isconfigured to, upon receiving a request to register an address of afirst communication apparatus in the first storage unit, send a firstcommand for requesting a first public key, which corresponds to a firstsecret key of the first communication apparatus, to the address of thefirst communication apparatus; a response receiving unit that isconfigured to receive from the first communication apparatus a firstresponse including the first public key to the first command; a storagecontrol unit, which is configured to associate the first public keyincluded in the first response with the address of the firstcommunication apparatus, and which is configured to register the firstpublic key; an encrypted data generating unit that is configured toencrypt first data, using the first public key registered in associationwith the address of the first communication apparatus so as to generatefirst encrypted data when receiving a request to send the first data tothe first communication apparatus; and a data sending unit that isconfigured to send the first encrypted data to the address of the firstcommunication apparatus.

According to a second illustrative aspect of the invention, thecommunication apparatus further comprises: a first selective permissionunit that is configured to, upon receiving a request to register anaddress of a new communication apparatus in the first storage unit,allow a user to select whether or not a command for requesting a publickey corresponding to a secret key of the new communication apparatus issent to the address of the new communication apparatus; a second storageunit that is configured to register setting information corresponding toa selection result in the first selective permission unit; and a firstdetermination unit that is configured to, upon registering the addressof the first communication apparatus in the first storage unit,determine whether or not the setting information registered in thesecond storage unit corresponds to a positive selection result, whereinthe command sending unit sends the first command if a positivedetermination is made by the first determination unit.

According thereto, a user can determine whether or not to send the firstcommand to the address of the first communication apparatus newlyregistered in the first storage unit.

According to a third illustrative aspect of the invention, thecommunication apparatus further comprises: a communication unit that isconfigured to execute communication processing when receiving a requestto send second data to an address of a second communication apparatus,the address of which is not registered in the first storage unit, thecommunication processing comprising: sending a second command forrequesting a second public key corresponding to a second secret key ofthe second communication apparatus to the address of the secondcommunication apparatus; and receiving a second response comprising thesecond public key to the second command, wherein the encrypted datagenerating unit generates second encrypted data by encrypting the seconddata using the second public key included in the second response,wherein the data sending unit sends the second encrypted data to theaddress of the second communication apparatus, and wherein thecommunication unit does not execute the communication processing whenthe first data is to be sent to the first communication apparatus.

According thereto, the second public key of the second communicationapparatus can be acquired prior to sending the second data in the caseof having to send the second data to the address of the secondcommunication apparatus that is not registered in the first storageunit. As a result, the communication apparatus can generate the secondencrypted data using the acquired second public key and can send thesecond encrypted data to the second communication apparatus. On theother hand, in the case of having to send the first data to the firstcommunication apparatus, the address of the first communicationapparatus has already been registered in the first storage unit and thefirst public key has already been acquired. Therefore, even when theabove-described communication processing is not executed, thecommunication apparatus can generate the first encrypted data and cansend the first encrypted data to the first communication apparatus. Inthis case, the communication processing can be omitted, and thus a loadof processing can be reduced.

According to a fourth illustrative aspect of the invention, in thecommunication apparatus, wherein the first command sent by the commandsending unit comprises a third public key corresponding to a thirdsecret key of the communication apparatus.

According thereto, the communication apparatus can send the self-publickey when the self-public key is not sent to the address of a sendingdestination of a command.

According to a fifth illustrative aspect of the invention, thecommunication apparatus further comprises: a command receiving unit thatis configured to receive a third command for requesting a fourth publickey corresponding to a fourth secret key of the communication apparatus;and a public key sending unit that is configured to send the fourthpublic key to a sending source of the third command.

According thereto, upon receipt of a command for requesting theself-public key, the self-public key can be sent to the address of asending source of the command.

According to a sixth illustrative aspect of the invention, thecommunication apparatus further comprises: a second selective permissionunit that is configured to allow a user to select whether or not thefourth public key is to be sent according to the third command; a thirdstorage unit that is configured to register setting informationcorresponding to a selection result in the second selective permissionunit; and a second determination unit which, upon receiving the thirdcommand by the command receiving unit, is configured to determinewhether or not the setting information registered in the third storageunit corresponds to a positive selection result, wherein the public keysending unit sends the fourth public key to the sending source of thethird command if a positive determination is made by the seconddetermination unit.

According thereto, upon receipt of the command for requesting theself-public key, the user can determine whether or not the self-publickey is sent to the address of the sending source of the command.

According to a seventh illustrative aspect of the invention, in thecommunication apparatus, wherein the public key sending unit sends thefourth public key to the sending source of the third command if a publickey corresponding to a secret key of the sending source of the thirdcommand is included in the third command.

According thereto, upon receipt of the self-public key of thecommunication apparatus of an address of the sending source of the thirdcommand, the self-public key can be sent to the sending source of thethird command. That is, the self-public key can be sent to the sendingsource of the third command if the public key is exchanged.

According to an eighth illustrative aspect of the invention, in thecommunication apparatus, wherein the storage control unit associates thepublic key corresponding to the secret key of the sending source of thethird command included in the third command with an address of thesending source.

According thereto, by registering the acquired public key in a state ofassociating the acquired public key with the address of the sendingsource of the third command, encrypted data using the acquired publickey can be sent to the communication apparatus of the sending source ofthe third command.

According to a ninth illustrative aspect of the invention, in thecommunication apparatus, wherein the first public key is included in adevice certificate authenticated by a certification authority.

Incidentally, a computer program and a control method for implementingthe above-described communication apparatus are novel and useful.Further, a communication system including the above-describedcommunication apparatus and other communication apparatus (for example,the first communication apparatus, the second communication apparatus orthe communication apparatus of a sending source of the third command) isnovel and useful.

Exemplary Embodiments

Exemplary embodiments of the invention will now be described withreference to the drawings.

A part of the art described in the following embodiments is listed.

(Mode 1) A first data may be a common key.

(Mode 2) An encrypted data generating unit may generate an encryptedelectronic mail text by encrypting an electronic mail text using thefirst data (common key). A data sending unit may send electronic mailincluding an encrypted electronic mail text and a first encrypted datain which the first data (common key) is encrypted to an address of afirst communication apparatus.

(Mode 3) A first communication apparatus may further include: a commonkey acquiring unit that acquires the common key by decoding the firstencrypted data by a self-secret key; and an electronic mail textacquiring unit that acquires the electronic mail text by decoding theencrypted electronic mail text using the acquired common key.

(Mode 4) The Encrypted data generating unit may generate digest data bydigesting the electronic mail text and generate encrypted text digestdata by encrypting the digest data by the self-secret key. The datasending unit may send electronic mail including the encrypted textdigest data and the first encrypted data, in which the first data(common key) is encrypted, to the address of the first communicationapparatus.

(Mode 5) A first communication apparatus may further include averification unit, which generates a first digest data by decoding theencrypted digest data using a public key of the communication apparatus,which generates a second digest data by digesting the electronic mailtext, and which compares the first digest data with the second digestdata.

First Exemplary Embodiment

(Configuration of System)

FIG. 1 shows a schematic diagram of a multi-function device system 2 ofthe first exemplary embodiment. The multi-function device system 2includes the Internet 4, plural multi-function devices 10, 40, an SMTPserver 6 and a POP3 server 8. The plural multi-function devices 10, 40,the SMTP server 6 and the POP3 server 8 are connected to the Internet 4.Incidentally, in FIG. 1, only two multi-function devices 10, 40 areshown, but the number of multi-function devices can be changed properly.

(Encryption Technique by S/MIME)

The multi-function device 10 is a communication apparatus capable ofcommunicating electronic mail using an encryption technique by S/MIME(Secure/Multipurpose Internet Mail Extensions). Incidentally, themulti-function device 40 has a configuration similar to that of themulti-function device 10.

A mechanism at the time of conducting communication of electronic mailusing the encryption technique by S/MIME between the multi-functiondevice 10 and the multi-function device 40 will hereinafter bedescribed. The multi-function device 10 encrypts an electronic mail textusing a common key and encrypts the common key by a public key of themulti-function device 40. Further, the multi-function device 10 sendselectronic mail including the encrypted electronic mail text and theencrypted common key to the multi-function device 40. The public key ofthe multi-function device 40 is included in a device certificate of themulti-function device 40. It is necessary for the multi-function device10 to previously acquire the device certificate of the multi-functiondevice 40. Incidentally, information about the certification authoritywhich is an issuing source of the device certificate of themulti-function device 40 and information about the expiration date ofthe device certificate, an electronic signature generated by thecertification authority, etc. in addition to the public key of themulti-function device 40 may be included in the device certificate ofthe multi-function device 40. The multi-function device 40 decodes theencrypted common key by a self-secret key and acquires the common key.Further, the multi-function device 40 decodes the encrypted electronicmail text using the acquired common key and acquires the electronic mailtext. Consequently, a third party can be prevented from sneaking a lookat the electronic mail text.

In addition, the multi-function device 10 further attaches the followingdigest data to the electronic mail. That is, the multi-function device10 generates digest data by digesting an electronic mail text andencrypts the digest data using a self-secret key and attaches theencrypted digest data to the electronic mail. The multi-function device40 acquires first digest data by decoding the encrypted digest datausing a public key of the multi-function device 10 included in a devicecertificate of the multi-function device 10. Therefore, it is necessaryfor the multi-function device 40 to previously acquire the devicecertificate of the multi-function device 10. The multi-function device40 generates second digest data by digesting an electronic mail text byitself. The multi-function device 40 can detect an act of falsifying theelectronic mail text by comparing the first digest data with the seconddigest data.

(Configuration of Multi-Function Device)

Subsequently, a configuration of the multi-function device 10 will bedescribed in detail. The multi-function device 10 includes a controlunit 12, a display unit 14, an operation unit 16, a USB interface 18, anetwork interface 20, a printing unit 22, a storage unit 24, etc. Thecontrol unit 12 executes processing according to a program 32 stored inthe storage unit 24. The display unit 14 displays various pieces ofinformation. The operation unit 16 includes plural keys. A user caninput various instructions to the multi-function device 10 by operatingthe operation unit 16. USB memory (not shown) etc. may be connected tothe USB interface 18. The network interface 20 is connected to theInternet 4. The printing unit 22 prints image data.

The storage unit 24 can store a device setting table 26, an addresstable 28 and a certificate table 30. The storage unit 24 further storesthe program 32 to be executed by the control unit 12. Also, the storageunit 24 has a storage area 34 for storing information other thaninformation 26, 28, 30, 32 described above.

(Registered Contents of Device Setting Table)

Subsequently, registered contents of the device setting table 26 (seeFIG. 1) of the storage unit 24 will be described. FIG. 2 shows oneexample of the registered contents of the device setting table 26. Thedevice setting table 26 includes plural pieces of combinationinformation 54 to 66. Each of the pieces of combination information 54to 66 is information in which a setting item 50 is associated withsetting contents 52. The setting item 50 is a name of a kind of setting.The setting contents 52 show the contents of setting. For example, inthe combination information 54, an “SMTP server port”, which is a nameindicating combination of an address and a port number of the SMTPserver 6, is written into the setting item 50, and “sample.smtp.com:25”,which is combination of an actual address and a port number, is writteninto the setting contents 52. The pieces of combination information 64,66 are related to a certificate exchange and a certificate exchangeresponse. Although “ON” is written as the setting contents 52 of thecertificate exchange and the certificate exchange response in theexample of FIG. 2, A user can select either “ON” or “OFF” by operatingthe operation unit 16 so as to write “ON” or “OFF” into the settingcontents 52 of the certificate exchange and the certificate exchangeresponse.

(Registered Contents of Address Table)

Subsequently, registered contents of the address table 28 (see FIG. 1)of the storage unit 24 will be described. FIG. 3 shows one example ofthe registered contents of the address table 28. The address table 28includes plural pieces of combination information 82 to 88. Each of thepieces of combination information 82 to 88 is information in which amail address 70 is associated with a name 72 and S/MIME setting 76. TheS/MIME setting 76 is a setting for using an encryption technique usingS/MIME. The S/MIME setting 76 includes each information about acertificate 74 and encryption sending 78. The mail address 70 shows aregistered mail address. In the first exemplary embodiment, plural mailaddresses are registered in the address table 28. The example of FIG. 3illustrates four kinds of mail addresses. The name 72 shows a name of adevice corresponding to each of the mail addresses. The certificate 74shows information as to whether or not a device certificate of acommunication apparatus corresponding to each of the mail addresses isregistered in the multi-function device 10. When the device certificateis registered, “registered” is written. In contrast, when the devicecertificate is not registered, “not registered” is written. Theencryption sending 78 column shows information as to whether or not anelectronic mail text is encrypted in the case of sending electronic mailto a communication apparatus corresponding to each of the mailaddresses. In the first exemplary embodiment, when a device certificateof another communication apparatus is registered in the certificatetable 30 (see FIG. 1) (which will be described later), “ON” is writteninto a field of the certificate 74 corresponding to a mail address ofits communication apparatus. On the other hand, when the devicecertificate of another communication apparatus is deleted from thecertificate table 30, “OFF” is written into a field of the certificate74 corresponding to a mail address of its communication apparatus.Incidentally, in the first exemplary embodiment, the user can switch thepieces of combination information 82 to 88 in which “ON” is written intothe field of the certificate 74 from “ON” to “OFF” by operating theoperation unit 16.

(Registered Contents of Certificate Table)

Subsequently, registered contents of the certificate table 30 (seeFIG. 1) of the storage unit 24 will be described. FIG. 4 shows oneexample of the registered contents of the certificate table 30. Thecertificate table 30 includes plural pieces of combination information98 to 108. Each of the pieces of combination information 98 to 108 isinformation in which a kind 90 is associated with a mail address/name92, certificate data 94 and secret key data 96. The kind 90 shows a kindof the certificate. A “CA certificate” indicates certificate issued bythe certification authority (CA). A “self-device certificate” indicatesa device certificate of the multi-function device 10 acquired from thecertification authority. A “device certificate” shows a devicecertificate received from another communication apparatus. The mailaddress/name 92 shows a name of a certificate or a mail addresscorresponding to each of the certificates. For example, when a kind ofcertificate is “CA certificate”, the name of the CA is registered. Whena kind of certificate is the “self-device certificate”, a mail addressof the multi-function device 10 is registered. When a kind ofcertificate is the “device certificate”, a mail address of the othercommunication apparatus is registered. The certificate data 94 mayinclude all the data of various certificates. The secret key data 96 isa secret key of the multi-function device 10. Therefore, the secret keydata 96 is not registered in the pieces of combination information 98,102, 106 and 108 other than the “self-device certificate”.

The multi-function device 10 can previously acquire a self-devicecertificate. For example, the multi-function device 10 sends a requestto a predetermined certification authority, and the predeterminedcertification authority creates a device certificate in response to itsrequest and sends the device certificate to the multi-function device10. Consequently, the multi-function device 10 can acquire the devicecertificate. Alternatively, for example, a user can make thecertification authority create a device certificate of themulti-function device 10 using an external device (for example, a PC)other than the multi-function device 10. The user could then store thedevice certificate of the multi-function device 10 acquired in theexternal device in USB memory. The user inserts the USB memory into theUSB interface 18 (see FIG. 1). Consequently, the multi-function device10 can acquire the device certificate of itself.

(Processing Executed by Multi-Function Device 10 and Multi-FunctionDevice 40)

Subsequently, processing executed by each of the control unit 12 of themulti-function device 10 and a control unit 12′ of the multi-functiondevice 40 will be described. FIG. 5 shows a flowchart of processingexecuted when the control unit 12 of the multi-function device 10registers an electronic mail address. A user can instruct themulti-function device 10 to register an electronic mail address (anelectronic mail address of the multi-function device 40 in the firstexemplary embodiment) of a new communication apparatus in the addresstable 28 by operating the operation unit 16. In this case, the controlunit 12 registers the electronic mail address of the multi-functiondevice 40 in the address table 28 (S2).

Then, the control unit 12 determines whether or not setting 64 of acertificate exchange (see FIG. 2) of the device setting table 26 of thestorage unit 24 becomes “ON” (S4). If the setting 64 of the certificateexchange is “ON” (YES in S4), the control unit 12 proceeds to S6. Incontrast, if the setting 64 of the certificate exchange is “OFF” (NO inS4), the control unit 12 proceeds to S14. In S6, the control unit 12reads a self-device certificate (i.e., the certificate data 94 of thecombination information 104) out of the certificate table 30. Then, thecontrol unit 12 sends a device certificate exchange request includingthe self-device certificate to the multi-function device 40.Incidentally, commands in the first exemplary embodiment are sent andreceived by electronic mail. That is, the control unit 12 sends thedevice certificate exchange request to the multi-function device 40using an electronic mail address registered in the address table 28 as adestination. When the electronic mail is received, the multi-functiondevice, which receives the electronic mail including a command, analyzesan electronic mail text automatically and executes the processingaccording to its command.

The control unit 12 receives a response to the device certificateexchange request sent in S6 from the multi-function device 40 (S8). Inthis case, the control unit 12 determines whether or not a devicecertificate of the multi-function device 40 is included in the receivedresponse (S10). If the device certificate is included (YES in S10), thecontrol unit 12 proceeds to S12. In contrast, if the device certificateis not included (NO in S10), the control unit 12 proceeds to S14.

The control unit 12 changes the registered contents of the address table28 in S12. That is, the control unit 12 turns “on” setting 78 (see FIG.3) of encryption sending corresponding to the electronic mail address(that is, the electronic mail address registered in S2) of themulti-function device 40. Further, setting 74 (see FIG. 3) of acertificate corresponding to the electronic mail address of themulti-function device 40 is “registered” by the control unit 12.Further, the control unit 12 stores new combination information (seeFIG. 4) including the received device certificate in the certificatetable 30 (see FIG. 4) of the storage unit 24 in S12. Consequently, inthe certificate table 30, the electronic mail address of themulti-function device 40 is written into a field of the mail address 92and the device certificate of the multi-function device 40 is writteninto a field of the certificate data 94. As a result, the devicecertificate of the multi-function device 40 is registered in a state ofbeing associated with the electronic mail address of the multi-functiondevice 40 registered in the address table 28.

When S12 ends, the control unit 12 ends the processing. On the otherhand, the control unit 12 changes the stored contents of the addresstable 28 in S14. That is, the control unit 12 turns “off” the setting 78(see FIG. 3) of encryption sending corresponding to the electronic mailaddress of the multi-function device 40. Also, the setting 74 (see FIG.3) of the certificate corresponding to the electronic mail address ofthe multi-function device 40 is “not registered” by the control unit 12.When S14 ends, the control unit 12 ends the processing.

Subsequently, processing executed by the control unit 12′ of themulti-function device 40 will be described. FIG. 6 shows a flowchart ofprocessing in which the control unit 12′ of the multi-function device 40acquires electronic mail from the POP3 server 8. The control unit 12′ ofthe multi-function device 40 starts the present processing in the caseof reaching the predetermined timing at which the presence or absence ofelectronic mail is inquired of the POP3 server 8. Then, the control unit12′ acquires electronic mail addressed to the multi-function device 40from the POP3 server 8. When the control unit 12′ acquires theelectronic mail, the control unit 12′ determines whether or not theacquired electronic mail is a device certificate exchange request fromthe multi-function device 10 (S16). If the electronic mail is thecertificate exchange request (YES in S16), the control unit 12′ proceedsto S20. In contrast, if the electronic mail is not the certificateexchange request (NO in S16), the control unit 12′ determines that theacquired electronic mail is encrypted electronic mail, performsreceiving processing of electronic mail (S18) (which will be describedlater) and ends the processing. The control unit 12′ determines whetheror not setting (setting corresponding to numeral 64 of FIG. 2) of acertificate exchange of the device setting table of the multi-functiondevice 40 is “ON” in S20 (S34). If the setting of the certificateexchange is “ON” (YES in S20), the control unit 12′ proceeds to S22. Incontrast, if the setting of the certificate exchange is “OFF” (NO inS20), the control unit 12′ skips S22 and proceeds to S24.

The control unit 12′ changes the stored contents of an address table (atable corresponding to the table 28 of FIG. 3) of the multi-functiondevice 40 in S22. That is, when an electronic mail address of themulti-function device 10 is not registered in the address table, thecontrol unit 12′ newly registers the electronic mail address in theaddress table. Further, the control unit 12′ turns “on” setting (settingcorresponding to numeral 78 of FIG. 3) of encryption sendingcorresponding to the electronic mail address of the multi-functiondevice 10. Also, setting (setting corresponding to numeral 74 of FIG. 3)of a certificate corresponding to the electronic mail address of themulti-function device 10 is “registered” by the control unit 12′. Whenthe electronic mail address of the multi-function device 10 is alreadyregistered in the address table, the control unit 12′ updates thesetting of the certificate and the setting of the encryption sendingcorresponding to the registered electronic mail address. Further, thecontrol unit 12′ stores new combination information including thereceived device certificate in a certificate table (a tablecorresponding to the table 30 of FIG. 4) of a storage unit in S22. WhenS22 ends, the control unit 12′ proceeds to S24.

Then, the control unit 12′ determines whether or not setting (settingcorresponding to numeral 66 of FIG. 2) of a certificate exchangeresponse of the device setting table is “ON” in S24. If the setting ofthe certificate exchange response is “ON” (YES in S24), the control unit12′ proceeds to S26. In contrast, if the setting of the certificateexchange response is “OFF” (NO in S24), the control unit 12′ proceeds toS28. The control unit 12′ sends a response including the devicecertificate of the multi-function device 40 to the multi-function device10 in S26. As a result, the multi-function device 10 determines YES inS10 of FIG. 5. When S26 ends, the control unit 12′ ends the processing.On the other hand, the control unit 12′ sends a response withoutincluding the device certificate of the multi-function device 40 to themulti-function device 10 in S28. As a result, the multi-function device10 determines NO in S10 of FIG. 5. When S28 ends, the control unit 12′ends the processing.

FIG. 7 shows a flowchart of processing executed when the multi-functiondevice 10 sends electronic mail. For example, a user of themulti-function device 10 can execute an operation for sending electronicmail. The user can specify an electronic mail address (an electronicmail address of the multi-function device 40 in the first exemplaryembodiment) of a sending destination of the electronic mail from theaddress table 28. In this case, the control unit 12 determines that theelectronic mail address of the sending destination of the electronicmail is registered in the address table 28 (YES in S30). If YES in S30,the control unit 12 encrypts the electronic mail. That is, the controlunit 12 encrypts an electronic mail text using a predetermined commonkey. Further, the multi-function device 10 specifies the certificatedata 94 (see FIG. 4) corresponding to an electronic mail address of themulti-function device 40 from the certificate table 30 and specifies apublic key of the multi-function device 40 from the certificate data 94.Then, the multi-function device 10 encrypts the common key using apublic key of a multi-function device of the sending destination of theelectronic mail and attaches the encrypted common key to the electronicmail. Further, the control unit 12 generates digest data by digestingthe electronic mail text, encrypts the digest data using a self-secretkey and attaches the encrypted digest data to the electronic mail. Then,the control unit 12 sends electronic mail including the encryptedelectronic mail text, the encrypted common key and the encrypted digestdata to the multi-function device of the sending destination (S32).

On the other hand, a user can input an electronic mail address, which isnot stored in the address table 28, by operating the operation unit 16.Then, the user can execute an operation for sending the electronic mail.In this case, the control unit 12 determines NO in S30. If NO in S30,the control unit 12 executes processing for acquiring a devicecertificate of a multi-function device of a sending destination ofelectronic mail (S34). Concretely, the control unit 12 acquires thedevice certificate of the multi-function device of the sendingdestination of the electronic mail by executing S6 and S8 of FIG. 5.When the device certificate of the multi-function device of the sendingdestination of the electronic mail can be acquired (YES in S36), thecontrol unit 12 performs the encryption processing, sends the electronicmail to the multi-function device of the sending destination (S32) andends the sending processing of the electronic mail.

Incidentally, there are cases where the response including the devicecertificate cannot be received (NO in S10 of FIG. 5) even when thedevice certificate exchange request of S6 of FIG. 5 is sent. In thiscase, the control unit 12 determines NO in S36 and sends electronic mailwithout performing the encryption processing (S38) and ends the sendingprocessing of the electronic mail.

When the control unit 12′ of the multi-function device 40 receives theelectronic mail sent from the multi-function device 10 in S32, thecontrol unit 12′ executes each processing as follows. (1) The controlunit 12′ specifies a self-secret key from a certificate table (that is,specifies secret key data of a table corresponding to FIG. 4). Thecontrol unit 12′ acquires a common key by decoding an encrypted commonkey included in the electronic mail using the self-secret key. (2) Thecontrol unit 12′ acquires an electronic mail text by decoding anencrypted electronic mail text included in the electronic mail using thecommon key acquired in (1). (3) The control unit 12′ generates firstdigest data by digesting the electronic mail text acquired in (2). Thecontrol unit 12′ specifies an electronic mail address of themulti-function device 10, which is a sending source of the electronicmail. The control unit 12′ specifies a device certificate correspondingto the specified electronic mail address (that is, specifies certificatedata of a certificate table corresponding to FIG. 4). The control unit12′ specifies a public key of the multi-function device 10 included inthe specified device certificate. The control unit 12′ generates seconddigest data by decoding encrypted digest data included in the electronicmail using the public key of the multi-function device 10. The controlunit 12′ verifies whether or not the first digest data matches with thesecond digest data and changes processing according to the verificationresult. For example, absence of warning is printed when the digest datamatches, and presence of warning is printed when the digest data doesnot match. Incidentally, these processing are the processing of S18 inFIG. 6.

Second Exemplary Embodiment

A second exemplary embodiment of the invention will be described.Processing executed by each of a control unit 12 of a multi-functiondevice 10 and a control unit 12′ of a multi-function device 40 accordingto the second exemplary embodiment will be described. Incidentally, aconfiguration of a multi-function device system 2 and configurations ofthe multi-function devices 10, 40 are similar to those in the firstexemplary embodiment.

FIG. 8 shows a flowchart of processing executed when the multi-functiondevice 10 registers an electronic mail address. When the control unit 12registers an electronic mail address of the multi-function device 40 inan address table 28 (S40), the control unit 12 determines whether or notsetting 64 of a certificate exchange of a device setting table 26 of thestorage unit 24 becomes “ON” (S42). If the setting 64 of the certificateexchange is “ON” (YES in S42), the control unit 12 proceeds to S44. Incontrast, if the setting 64 of the certificate exchange is “OFF” (NO inS42), the control unit 12 proceeds to S54.

The control unit 12 sends a command for inquiring setting of acertificate exchange response of a device setting table of themulti-function device 40 to the multi-function device 40 in S44. Whenthe control unit 12 receives a response to the command sent in S44 fromthe multi-function device 40, the control unit 12 determines whether ornot the received response is a response indicating that setting (settingcorresponding to numeral 66 of FIG. 2) of the certificate exchangeresporise of the multi-function device 40 is “ON” (S46). If the receivedresponse is the response indicating that the setting is “ON” (YES inS46), the control unit 12 proceeds to S48. In contrast, if the receivedresponse is the response indicating that the setting is “OFF” (NO inS46), the control unit 12 proceeds to S54.

The control unit 12 reads a self-device certificate (that is,certificate data 94 of combination information 104) out of a certificatetable 30 in S48. Then, the control unit 12 sends a device certificateexchange request including the self-device certificate to themulti-function device 40. The control unit 12 receives a response to thedevice certificate exchange request sent in S48 from the multi-functiondevice 40 (S50). Incidentally, since the control unit 12 has alreadyreceived a response indicating that setting of a certificate exchange ofthe multi-function device 40 is “ON” in S46, so that a devicecertificate of the multi-function device 40 is included in a responsereceived in S50. The control unit 12 changes the stored contents of theaddress table 28 in S52. That is, the control unit 12 turns “on” setting78 (see FIG. 3) of encryption sending corresponding to an electronicmail address (that is, an electronic mail address registered in S16) ofthe multi-function device 40. Also, setting 74 (see FIG. 3) of acertificate corresponding to the electronic mail address of themulti-function device 40 is “registered” by the control unit 12.Further, the control unit 12 stores new combination information (seeFIG. 4) including the received device certificate in the certificatetable 30 (see FIG. 4) of the storage unit 24 in S52. Consequently, inthe certificate table 30, the electronic mail address of themulti-function device 40 is written into a field of a mail address 92and the device certificate of the multi-function device 40 is writteninto a field of the certificate data 94. As a result, the devicecertificate of the multi-function device 40 is registered in a state ofbeing associated with the electronic mail address of the multi-functiondevice 40 registered in the address table 28.

When S52 ends, the control unit 12 ends the processing. The control unit12 changes the stored contents of the address table 28 in S54. That is,the control unit 12 turns “off” the setting 78 (see FIG. 3) ofencryption sending corresponding to the electronic mail address of themulti-function device 40. Also, the setting 74 (see FIG. 3) of thecertificate corresponding to the electronic mail address of themulti-function device 40 is “not registered” by the control unit 12.When S54 ends, the control unit 12 ends the processing.

Subsequently, processing executed by the control unit 12′ of themulti-function device 40 will be described. FIG. 9 shows a flowchart ofprocessing in which the control unit 12′ of the multi-function device 40acquires electronic mail from a POP3 server 8. The control unit 12′starts the present processing in the case of reaching the predeterminedtiming at which the presence or absence of electronic mail is inquiredof the POP3 server 8. Then, the control unit 12′ acquires electronicmail addressed to the multi-function device 40 from the POP3 server 8.When the control unit 12′ acquires the electronic mail, the control unit12′ determines whether or not the acquired electronic mail is a devicecertificate exchange request from the multi-function device 10 (S56). Ifthe electronic mail is the certificate exchange request (YES in S56),the control unit 12′ proceeds to S58. In contrast, if the electronicmail is not the certificate exchange request (NO in S56), the controlunit 12′ proceeds to S64. The control unit 12′ determines whether or notsetting (setting corresponding to numeral 66 of FIG. 2) of a certificateexchange response of a device setting table of the multi-function device40 is “ON” in S58. If the setting of the certificate exchange responseis “ON” (YES in S58), the control unit 12′ sends a response indicatingthat the setting of the certificate exchange response is “ON” to themulti-function device 10 (S60) and ends the processing. In contrast, ifthe setting of the certificate exchange response is “OFF” (NO in S58),the control unit 12′ sends a response indicating that the setting of thecertificate exchange response is “OFF” to the multi-function device 10(S62) and ends the processing.

The control unit 12′ determines whether or not the received electronicmail is a device certificate exchange request from the multi-functiondevice 10 in S64. If the electronic mail is the certificate exchangerequest (YES in S64), the control unit 12′ proceeds to S66. In contrast,if the electronic mail is not the certificate exchange request (NO inS64), the control unit 12′ determines that the acquired electronic mailis encrypted electronic mail, performs receiving processing ofelectronic mail as similar to that of S18 in FIG. 6 (S72) and ends theprocessing. The control unit 12′ determines whether or not setting(setting corresponding to numeral 64 of FIG. 2) of a certificateexchange of the device setting table of the multi-function device 40 is“ON” in S66. If the setting of the certificate exchange is “ON” (YES inS66), the control unit 12′ proceeds to S68. In contrast, if the settingof the certificate exchange is “OFF” (NO in S66), the control unit 12′skips S68 and proceeds to S70.

The control unit 12′ changes the stored contents of an address table (atable corresponding to the table 30 of FIG. 3) of the multi-functiondevice 40 in S68. That is, when an electronic mail address of themulti-function device 10 is not registered in the address table, thecontrol unit 12′ newly registers the electronic mail address in theaddress table. Further, the control unit 12′ turns “on” setting (settingcorresponding to numeral 78 of FIG. 3) of encryption sendingcorresponding to the electronic mail address of the multi-functiondevice 10. Also, setting (setting corresponding to numeral 74 of FIG. 3)of a certificate corresponding to the electronic mail address of themulti-function device 10 is “registered” by the control unit 12′. Whenthe electronic mail address of the multi-function device 10 isregistered in the address table, the control unit 12′ updates thesetting of the certificate and the setting of the encryption sendingcorresponding to the registered electronic mail address. Further, thecontrol unit 12′ stores new combination information including thereceived device certificate in a certificate table (a tablecorresponding to the table 30 of FIG. 4) of a storage unit in S68. WhenS68 ends, the control unit 12′ proceeds to S70. The control unit 12′sends a response including the device certificate of the multi-functiondevice 40 to the multi-function device 10 in S70. When S70 ends, thecontrol unit 12′ ends the processing.

Incidentally, in the first exemplary embodiment, the certificateexchange request is sent from the multi-function device 10 to themulti-function device 40 in FIG. 5. Alternatively, when themulti-function device 40 acquires the device certificate of themulti-function device 40, the device certificate exchange request issent from the multi-function device 40 to the multi-function device 10.In this case, the subject of each processing disclosed in FIGS. 5 and 6is reversed. Also, in the processing shown in FIG. 7 and the processingshown in FIGS. 8 to 10 of the second exemplary embodiment, the subjectof each processing may be reversed.

The multi-function device system 2 of the second exemplary embodimenthas been described. The multi-function device 10 can send a command forrequesting an exchange of a device certificate to the multi-functiondevice 40 in the case of registering an electronic mail address of themulti-function device 40 in the address table 28. As a result, thepossibility of acquiring a device certificate of the multi-functiondevice 40 which is a sending destination can be increased in the case ofhaving to send electronic mail to the multi-function device 40. Also,the multi-function device 10 can send electronic mail encrypted usingthe device certificate of the multi-function device 40 to themulti-function device 40. The fact that an electronic mail address ofthe multi-function device 40 is registered in the address table 28 ofthe multi-function device 10 expects that there will be a highpossibility that a user of the multi-function device 10 conductscommunication by electronic mail with the multi-function device 40. Byacquiring a device certificate of the multi-function device 40 in thecase of registering an electronic mail address, encryption processing ofits electronic mail is speedily performed in the case of sendingelectronic mail to the multi-function device 40 thereafter. Moreover, anelectronic mail address of the multi-function device 40 is registered inthe address table 28, so that a device certificate exchange request sentto the multi-function device 40 could be made to the registeredelectronic mail address. Hence, the device certificate of themulti-function device 40 can simply be acquired from the multi-functiondevice 40.

Also, according to the multi-function device 10, a certificate exchangerequest including a self-device certificate can be sent to themulti-function device 40. As a result, the multi-function device 10 cansend a self-device certificate when the self-device certificate is notsent to the multi-function device 40. That is, the mutual devicecertificates can easily be exchanged between the multi-function device10 and the multi-function device 40.

Also, according to the multi-function device 10, a device certificate ofa multi-function device of a sending destination can be acquired beforesending of electronic mail in the case of having to send electronic mailto an address, which is not registered in the address table 28, of themulti-function device. As a result, the multi-function device 10 canencrypt a common key using a public key included in the acquired devicecertificate and can send the encrypted common key to the multi-functiondevice of the sending destination. That is, the encrypted electronicmail can also be sent to the electronic mail address which is notregistered in the address table 28.

The above-described exemplary embodiments are only illustrative and theclaims are not limited thereby. The art described in the claims includesvarious modifications and changes of the concrete examples illustratedabove.

The control unit 12 of the multi-function device 10 may perform displayfor inquiring a check of the setting 64 of a certificate exchange of auser on the display unit 14 every time a certificate exchange request isreceived. Also, the control unit 12 may perform display for inquiring acheck of the setting 66 of a certificate exchange response of a user onthe display unit 14 every time a command for inquiring the setting 66 ofthe certificate exchange response is received. In this case, the controlunit 12 may send a response to a sending source of the certificateexchange request or a sending source of the command under condition thatinstructions to already check the setting are inputted from the user.

The technical elements described in the present specification or thedrawings exert technical utility singly or various combinations, and arenot limited to combinations described in the claims at the time of theapplication. Also, the art illustrated in the present specification orthe drawings can simultaneously achieve plural purposes, and theachievement itself of one of the purposes has technical utility.

What is claimed is:
 1. A communication apparatus comprising: a storage device storing computer readable instructions and comprising a device setting table, an address table and a certificate table; and a processor configured to execute the computer readable instructions, wherein the computer readable instructions cause the processor to implement: registering an e-mail address of a first communication apparatus in the address table, upon receiving a request to register the address of the first communication apparatus; retrieving a certificate exchange setting registered in the device setting table upon receiving the request to register the address of the first communication apparatus in the address table; determining whether the retrieved certificate exchange setting indicates that the communication apparatus is configured to require a certificate to transmit data to another communication apparatus; transmitting a first command to the e-mail address of the first communication apparatus in response to the determination that the retrieved certificate exchange setting indicates that the communication apparatus is configured to require a certificate to transmit data to another communication apparatus, wherein the first command is for requesting a first public key corresponding to a first secret key of the first communication apparatus; receiving the first public key from the first communication apparatus; registering the first public key in the certificate table in association with the e-mail address of the first communication apparatus; generating first encrypted data by encrypting first data using the first public key included in the certificate table when receiving a request to transmit the first data to the e-mail address of the first communication apparatus; and transmitting the first encrypted data to the e-mail address of the first communication apparatus.
 2. The communication apparatus according to claim 1, wherein the computer readable instructions further cause the processor to implement: receiving a request to transmit second data to an e-mail address of a second communication apparatus, wherein the e-mail address of the second communication apparatus is not registered in the address table when the request is received; transmitting a second command for requesting a second public key corresponding to a second secret key of the second communication apparatus to the e-mail address of the second communication apparatus; receiving the second public key; generating second encrypted data by encrypting the second data using the second public key included in the second response; and transmitting the second encrypted data to the address of the second communication apparatus.
 3. The communication apparatus according to claim 1, wherein the computer readable instructions further cause the processor to implement: transmitting a self-device certificate with the first command to the e-mail address of the first communication apparatus, wherein the self-device certificate is stored in the certificate table, and comprises a public key corresponding to a secret key of the communication apparatus.
 4. The communication apparatus according to claim 1, the computer readable instructions further cause the processor to implement: receiving a third command for requesting the public key, stored in the certificate table, corresponding to the secret key of the communication apparatus; and transmitting the public key to a source of the third command.
 5. The communication apparatus according to claim 4, wherein the computer readable instructions further cause the processor to implement: allowing a user to select whether the public key stored in the certificate table is to be sent in response to the third command; registering a certificate exchange response setting in accordance with selection by the user; upon receiving the third command, determining whether the certificate exchange response setting indicates that the communication apparatus is configured to transmit the pubic key stored in the certificate table; and transmitting the public key stored in the certificate table to the source of the third command when the determining determines that the certificate exchange response setting indicates that the communication apparatus is configured to transmit the public key stored in the certificate table.
 6. The communication apparatus according to claim 4, wherein the computer readable instructions further cause the processor to implement: transmitting the public key stored in the certificate table to the source of the third command if a public key corresponding to a secret key of the source of the third command is included in the third command.
 7. The communication apparatus according to claim 6, wherein the computer readable instructions further cause the processor to implement: registering the public key corresponding to the secret key of the source of the third command included in the third command, in the certificate table, in association with an e-mail address of the source.
 8. The communication apparatus according to claim 1, wherein the first public key is included in a device certificate authenticated by a certification authority.
 9. A non-transitory computer-readable recording medium comprising instructions for using a communication apparatus, comprising: registering an e-mail address of a first communication apparatus in an address table, upon receiving a request to register the address of the first communication apparatus; retrieving a certificate exchange setting registered in a device setting table upon receiving the request to register the address of the first communication apparatus in the address table; determining whether the retrieved certificate exchange setting indicates that the communication apparatus is configured to require a certificate to transmit data to another communication apparatus; transmitting a first command to the e-mail address of the first communication apparatus in response to determination that the retrieved certificate exchange setting indicates that the communication apparatus is configured to require a certificate to transmit data to another communication apparatus, wherein the first command is for requesting a first public key corresponding to a first secret key of the first communication apparatus; receiving the first public key from the first communication apparatus; registering the first public key in a certificate table in association with the e-mail address of the first communication apparatus; generating first encrypted data by encrypting first data using the first public key included in the certificate table when receiving a request to transmit the first data to the e-mail address of the first communication apparatus; and transmitting the first encrypted data to the e-mail address of the first communication apparatus. 